Mac computers that have the Apple T2 Security Chip integrate security into both software and hardware to provide encrypted-storage capabilities. Data on the built-in, solid-state drive (SSD) is encrypted using a hardware-accelerated AES engine built into the T2 chip. This encryption is performed with 256-bit keys tied to a unique identifier within the T2 chip.
The advanced encryption technology integrated into the T2 chip provides line-speed encryption, but it also means that if the portion of the T2 chip containing your encryption keys becomes damaged, you might need to restore the content of your drive from a backup. This content includes system files, apps, accounts, preferences, music, photos, movies, and documents.
Always back up your content to a secure external drive or other secure backup location so that you can restore it, if necessary. You should also turn on FileVault for additional security, because without FileVault enabled, your encrypted SSDs automatically mount and decrypt when connected to your Mac.
Make a backup
Set up Time Machine or another backup method to regularly back up your Mac to a secure external source.
Files that you store in iCloud Drive, as well as photos and videos that you store in iCloud Photo Library, are automatically uploaded to iCloud. When you use iCloud Photo Library, full-resolution photos and videos are stored on your Mac by default and included in a Time Machine backup. If you choose to optimize iCloud Photo Library on your Mac, the full-resolution originals are not included in a Time Machine backup.
Turn on FileVault
Though the SSD in computers that have the Apple T2 Security Chip is encrypted, you should turn on FileVault so that your Mac requires a password to decrypt your data.
To turn on FileVault, follow these steps:
- Choose Apple menu () > System Preferences, then click Security & Privacy.
- Click the FileVault tab.
- Click , then enter an administrator name and password.
- Click Turn On FileVault.